Identity exists to provide a trust foundation for digital systems.
Core Purposes of Identity
Purpose         Description                             Example
Authentication  Prove who you are.                      Logging into your Microsoft account with a password and MFA.
Authorization   Decide what you can do.                 Accessing HR documents because you're part of the HR group.
Auditing        Record who did what, when, and where.   Tracking that "Alex deleted file X at 3 PM."
Administration  Manage identities and access.           IT granting temporary admin rights to a user.
Identity Provider (IdP)
An Identity Provider (IdP) is a trusted system that creates, stores, and verifies digital
identities.
Example:
Microsoft Entra ID acts as the IdP for your organization’s users.
Key Functions of an IdP:
1. Repository of user identities.
Stores usernames, passwords, and attributes.
2. Authentication system.
Validates user credentials.
3. Security protocols.
Protects against breaches.
4. Trust establishment.
Acts as a reliable source for Single Sign-On (SSO).
SSO Example:
You log in once to Microsoft Entra ID and then access Teams, SharePoint, and Outlook
without re-entering credentials.
Common Identity Protocols
1. OpenID Connect (OIDC):
o Built on OAuth 2.0.
o Used for authentication.
o Provides JSON Web Tokens (JWTs) for identity data.
Example: Logging into a web app using your Microsoft account via “Sign in
with Microsoft”.
2. SAML (Security Assertion Markup Language):
o XML-based protocol for authentication and authorization between an
Identity Provider and a Service Provider.
Example: Logging into Salesforce using your company credentials via Entra
ID.
In Summary
Identity is the core of Zero Trust.
It ensures verified access and continuous protection across all environments.
Microsoft Entra ID serves as the control plane, enabling authentication,
authorization, auditing, and administration at scale.